FortiView – FortiManager 5.2

Top Cloud Applications/Users

The Top Cloud Applications/Users dashboard displays information about the cloud application/user traffic on your FortiGate unit. You can drill down the displayed information, select the device and time period, and apply search filters.

Top cloud applications

The following information is displayed:

Application Displays the application name. Select the column header to sort entries by application. You can apply a search filter to the application (app) column.
User Displays the user name. Select the column header to sort entries by user. This column is only shown when Cloud Users is selected in the applications/users dropdown list.
Category Displays the application category. Select the column header to sort entries by category. You can apply a search filter to the category (appcat) column. This column is only shown when Cloud Applications is selected in the applications/users drop-down list.
Risk Displays the application risk level. Hover the mouse cursor over the entry in the column for additional information. Select the column header to sort entries by risk.

Risk uses a new 5-point risk rating. The rating system is as follows: l Critical: Applications that are used to conceal activity to evade detection.

l   High: Applications that can cause data leakage, are prone to vulnerabilities, or downloading malware. l Medium: Applications that can be misused.

l   Elevated: Applications that are used for personal communications or can lower productivity.

l   Low: Business related applications or other harmless applications. This column is only shown when Cloud Applications is selected in the applications/users drop-down list.

Login IDs Displays the number of login IDs associated with the application. Select the column header to sort entries by login ID.

This column is only shown when Cloud Applications is selected in the applications/users drop-down list.

Sessions (Blocked/Allowed) Displays the number of sessions associated with the application that are blocked or allowed. Select the column header to sort entries by sessions.
File (Up/Down) Displays the number of files uploaded and downloaded. Hover the mouse cursor over the entry in the column for additional information. Select the column header to sort entries by file.
Videos Played Displays the number of videos played using the application. Select the column header to sort entries by videos played.
Bytes (Sent/Received) Displays the value for sent and received packets. Select the column header to sort entries by bytes.

The following options are available:

Search Click the search field to add a search filter and select the GO button to apply the search filter. Alternatively, you can right-click the column entry to add the search filter.
Devices Select the device or log array from the drop-down list or select All Devices. Select the GO button to apply the device filter.
Time Period Select the time period from the drop-down list. Select Custom from the list to specify the start and end date and time. Select the GO button to apply the time period filter.
N When selecting a time period with last N in the entry, you can enter the value for N in this text field.
Custom When Custom is selected the custom icon will be displayed. Select the icon to change the custom time period.
Cloud Applications / Cloud Users Select to view information based on either applications or users.
Go Select the GO button to apply the filter.
Pagination Select the number of entries to display per page and browse pages.
Right-click menu  
Cloud Users / Cloud

Applications

Select to drill down by cloud users to view user related information including IP address, source IP address, number of files uploaded and downloaded, number of videos plays, number of sessions, and bytes (sent/received).

You can select to sort entries displayed by selecting the column header. You can apply a search filter in the user (clouduser) and source (source) columns to further filter the information displayed. Select the GO button to apply the search filter.

Select the return icon to return to the Top Cloud Applications page.

Files Select to drill down by files to view file related information including the user email address, source IP address, file name, and file size.

You can select to sort entries displayed by selecting the column header. You can apply a search filter in the user (clouduser) and source (srcip) columns to further filter the information displayed. Select the GO button to apply the search filter.

Select the return icon to return to the Top Cloud Applications page.

Videos Select to drill down by videos to view video related information including the user email address, source IP address, file name, and file size.

You can select to sort entries displayed by selecting the column header. You can apply a search filter in the user (clouduser) and source (srcip) columns to further filter the information displayed. Select the GO button to apply the search filter.

Select the return icon to return to the Top Cloud Applications page.

Sessions Select to drill down by sessions to view session related information including the date and time, source/device IP address, destination IP address, service, number of packets sent and received, user, application, and security action.

You can select to sort entries displayed by selecting the column header. You can apply a search filter in the destination (dstip), service (service), user (user), and application (app) columns to further filter the information displayed. Select the GO button to apply the search filter. Select the return icon to return to the Top Cloud Applications page.

Search Add a search filter and select the GO button to apply the filter.
This entry was posted in Administration Guides, FortiManager and tagged , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

16 thoughts on “FortiView – FortiManager 5.2

  1. Stief

    Hello,
    Maybe you can help me. I keep seeing “No Data” if I open Fortiview on my fortimanager.
    I have 2 Fortigates (300D and a 200D) connected to it.
    If I select logview, I can see all the traffic info of both Fortigates.
    If I log on on the Fortigates, Fortiview is working fine. But somehow I can not get data in Fortiview on the Fortimanager.
    What am I doing wrong?

    Regards.
    Stief

    Reply
    1. Mike Post author

      What version of FortiOS are you running on the Manager as well as the FortiGates? (I know you posted this on the FortiManager 5.2 page but I would like to confirm)

      Reply
  2. Stief

    Hi Mike,
    Thanks for the reply.
    It’s set to log all traffic. But also UTM stuff.
    In Logview I can see everything but Fortiview stays empty.

    Reply
  3. Mike Post author

    I would check to see if ADOM’s were enabled. If they aren’t….enable them and make sure the ADOM that the FortiGate’s are a part of are listed as 5.4.

    Sometimes I notice weird shenannigans and after looking deeper it is because during the upgrade process, or something along those lines…..the FortiManager/FortiAnalyzer is still operating the devices beneath it in 5.2 mode.

    Let me know if that doesn’t make any sense. Long day so this response is sort of stream of consciousness lol

    Reply
  4. Stief

    Hi,
    Apperently it was a bug that is fixed in the latest release. After installing everything is working fine again.

    Reply
  5. surendran

    Dear Mike,
    In fortimanager under fortiview -vpn-ssl-dialup-ipsec-monitor stopped reporting for last 4 days. Pls guide how to resolve the issue.
    Regards,

    Reply
  6. surendran

    All devices are registered/added in device manager, fortview has stopped logging from 26th april,

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.